<?php


 
// username and password sent from form 
$a=$_POST['authority']; 
//return;
$id=$_POST['id']; 
if(!$_POST['id']){
header("location:../index.php?page=manage_users&stat=error&error=missing");
}
if($a=='pick'&&isset($_POST['pick'])){//hard case
	
	$authority = implode(",", $_POST['pick']);
	
}elseif($a=='pick'&&!isset($_POST['pick'])){
	$authority=='none';
}else{
	$authority=='none';
}


if($a=='pick'){
	$pick=$_POST['pick'];
	$position=array();
	foreach($pick as $auth){
		
		$pos="";
		if(is_numeric($auth)){
			$pos=getOrganizationType($auth);
		}elseif($auth=='all'){
			$pos="d";
		}elseif($auth=='accounting'){
			$pos="a";
		}elseif($auth=='management'){
			$pos="m";
		}else{
		
		}
		
		if (!in_array($pos, $position)&&$pos!=""){
			array_push($position,$pos);
		}
	}
	$position=implode(",", $position);
}else{
	$position="";
}




$sql="UPDATE  `backoffice`.`user` SET  `position` =  '$position',`authority` =  '$authority' WHERE  `user`.`id` ='$id'";   


mysql_query($sql);

header("location:../index.php?page=manage_users&stat=altered");

?>